Use PowerShell to Install Active Directory Certificate Services
In this blog article, I'll use PowerShell to install Active Directory Certificate Services in my test environment. The domain controller that's being used is running Windows Server 2012 R2 Server Core Installation (no-GUI). The workstation that I'm using is running Windows 8.1 and it is a member of the same Active Directory domain.
Many times when I'm prototyping something on a single remote server, I'll use one to one remoting so
that it's an interactive session. The Enter-PSSession
cmdlet is used for one to one remoting as
shown in the following example where I'll establish an interactive session to my test domain
controller named dc01:
1Enter-PSSession -ComputerName dc01
Notice that the prompt is preceded by [dc01]: once the PowerShell remoting interactive session is established. Any commands that are issued while in an interactive session are executed on the remote computer that's specified in those square brackets.
In the previous example, I was logged into the workstation that I established the interactive
session from as a user who has rights to establish an interactive session on dc01, but that probably
wouldn't be the case in a production environment where you would need to use the Credential
parameter to specify alternate credentials.
Before jumping in head first and trying to install something, first check to see if it's already installed. In this case, I'll check to see if certificate services is already installed:
1Get-WindowsFeature -Name AD-Certificate
To install Active Directory Certificate Services, simply pipe the previous command to the Install-WindowsFeature
cmdlet:
1Get-WindowsFeature -Name AD-Certificate | Install-WindowsFeature
There are a number of PowerShell cmdlets for deploying and administering Active Directory Certificate Services:
1Get-Command -Module ADCS*
One of the gotcha's about working in a PowerShell remoting interactive session is that the
ShowWindow
parameter of Get-Help
doesn't work:
1help Install-AdcsCertificationAuthority -ShowWindow
Specifying the WhatIf
parameter with Install-AdcsCertificationAuthority
allows you to see the
defaults that will be used without specifying any parameters (based on the help, no parameters are
required):
1Install-AdcsCertificationAuthority -WhatIf
For this test environment, the defaults are fine so I'll run the cmdlet without WhatIf
:
An ErrorId of 0 indicates that the role was installed successfully.
To exit the remote interactive session, simply use the Exit-PSSession
cmdlet:
µ